njrat | 3990ab6d73f0a92606cb4c86d39e077f014da65413a264be94d03ca8478e64b8

Analysis

max time kernel
121s
max time network
237s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
21/03/2025, 20:45

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

pisun.exe
Size

54KB
MD5

45140e967970cd63521eaa76dc4db7d7
SHA1

aae8aa4c5fb8e1d5a830f1f095d7550a89b7634a
SHA256

3990ab6d73f0a92606cb4c86d39e077f014da65413a264be94d03ca8478e64b8
SHA512

d8c5274fc1c66700c3fb63527973cb20106070698eebdf90e6b3f9ace371e34a653e382f949683d9aab0cb33fdd00ab2b943e499a4d2d6f42a24822fa2142129
SSDEEP

768:U8I0g652Esltuq55JR2ET3NwJSNbxWQG35bmaePD5PvXOC2XXJdxIEpmvg:U8ZVGtZ5DTCGlWQcGD0LX3xIEpmvg

Score

10^/10

njrat discovery trojan

Malware Config

Signatures

Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Executes dropped EXE 5 IoCs

pid	Process
4136	116add906e85427ea40769b5311bd27e.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
3272	f6d6c6361375467b90a93d6a4fa556d6.exe
1788	8386c0803abd47ff87102dcc364115e5.EXE
2764	3c338058306d40f6b3b6cc5e8ec5c881.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1120	1852	WerFault.exe	143

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pisun.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	116add906e85427ea40769b5311bd27e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6d6c6361375467b90a93d6a4fa556d6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8386c0803abd47ff87102dcc364115e5.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870636230177854"	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1136229799-3442283115-138161576-1000\{4AF6E5B3-6180-410D-889A-3BD60162933E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe
2156	59dd81d3cc9b400892adeb3d00ff5652.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe
4776	msedge.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	4732	pisun.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: SeDebugPrivilege	4136	116add906e85427ea40769b5311bd27e.exe
Token: 33	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeIncBasePriorityPrivilege	4136	116add906e85427ea40769b5311bd27e.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeIncBasePriorityPrivilege	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeDebugPrivilege	2156	59dd81d3cc9b400892adeb3d00ff5652.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeIncBasePriorityPrivilege	4136	116add906e85427ea40769b5311bd27e.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeIncBasePriorityPrivilege	4136	116add906e85427ea40769b5311bd27e.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeIncBasePriorityPrivilege	4136	116add906e85427ea40769b5311bd27e.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeIncBasePriorityPrivilege	4136	116add906e85427ea40769b5311bd27e.exe
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeIncBasePriorityPrivilege	4136	116add906e85427ea40769b5311bd27e.exe
Token: 33	2900	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2900	AUDIODG.EXE
Token: 33	4732	pisun.exe
Token: SeIncBasePriorityPrivilege	4732	pisun.exe
Token: 33	4136	116add906e85427ea40769b5311bd27e.exe
Token: SeIncBasePriorityPrivilege	4136	116add906e85427ea40769b5311bd27e.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3272	f6d6c6361375467b90a93d6a4fa556d6.exe
4776	msedge.exe
4776	msedge.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3272	f6d6c6361375467b90a93d6a4fa556d6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 4136	4732	pisun.exe	83
PID 4732 wrote to memory of 4136	4732	pisun.exe	83
PID 4732 wrote to memory of 4136	4732	pisun.exe	83
PID 4136 wrote to memory of 2156	4136	116add906e85427ea40769b5311bd27e.exe	93
PID 4136 wrote to memory of 2156	4136	116add906e85427ea40769b5311bd27e.exe	93
PID 4136 wrote to memory of 3272	4136	116add906e85427ea40769b5311bd27e.exe	94
PID 4136 wrote to memory of 3272	4136	116add906e85427ea40769b5311bd27e.exe	94
PID 4136 wrote to memory of 3272	4136	116add906e85427ea40769b5311bd27e.exe	94
PID 3272 wrote to memory of 4776	3272	f6d6c6361375467b90a93d6a4fa556d6.exe	95
PID 3272 wrote to memory of 4776	3272	f6d6c6361375467b90a93d6a4fa556d6.exe	95
PID 4776 wrote to memory of 2920	4776	msedge.exe	96
PID 4776 wrote to memory of 2920	4776	msedge.exe	96
PID 4776 wrote to memory of 3124	4776	msedge.exe	98
PID 4776 wrote to memory of 3124	4776	msedge.exe	98
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 2296	4776	msedge.exe	100
PID 4776 wrote to memory of 2296	4776	msedge.exe	100
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99
PID 4776 wrote to memory of 4052	4776	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\pisun.exe
"C:\Users\Admin\AppData\Local\Temp\pisun.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Users\Admin\AppData\Local\Temp\116add906e85427ea40769b5311bd27e.exe
  "C:\Users\Admin\AppData\Local\Temp\116add906e85427ea40769b5311bd27e.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4136
- - C:\Users\Admin\AppData\Local\Temp\59dd81d3cc9b400892adeb3d00ff5652.exe
    "C:\Users\Admin\AppData\Local\Temp\59dd81d3cc9b400892adeb3d00ff5652.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\f6d6c6361375467b90a93d6a4fa556d6.exe
    "C:\Users\Admin\AppData\Local\Temp\f6d6c6361375467b90a93d6a4fa556d6.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wonderwork.ucoz.com/
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:4776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x308,0x7fff3e0cf208,0x7fff3e0cf214,0x7fff3e0cf220
        5⤵
        
        PID:2920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1852,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=3256 /prefetch:11
        5⤵
        
        PID:3124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3168,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=3076 /prefetch:2
        5⤵
        
        PID:4052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2320,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=3288 /prefetch:13
        5⤵
        
        PID:2296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3028,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
        5⤵
        
        PID:1828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3036,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
        5⤵
        
        PID:244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3852,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:9
        5⤵
        
        PID:2524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=3872,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:1
        5⤵
        
        PID:348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3840,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:1
        5⤵
        
        PID:2360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=3888,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4576 /prefetch:9
        5⤵
        
        PID:352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4780,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:14
        5⤵
        
        PID:4348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5236,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:14
        5⤵
        
        PID:848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5240,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:1
        5⤵
        
        PID:5776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3064,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4472 /prefetch:14
        5⤵
        
        PID:5012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:14
        5⤵
        
        PID:2316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:14
        5⤵
        
        PID:3416
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=1140
        6⤵
        
        PID:3012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6112,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:14
        5⤵
        
        PID:1576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6112,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:14
        5⤵
        
        PID:1116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6268,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:14
        5⤵
        
        PID:5056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:14
        5⤵
        
        PID:2256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:14
        5⤵
        
        PID:1812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:14
        5⤵
        
        PID:2160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6300,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:14
        5⤵
        
        PID:5696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:14
        5⤵
        
        PID:1472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:14
        5⤵
        
        PID:4072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7140,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:14
        5⤵
        
        PID:396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4840,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:14
        5⤵
        
        PID:1428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4836,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:14
        5⤵
        
        PID:2012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4848,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:14
        5⤵
        
        PID:4372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5480,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:14
        5⤵
        
        PID:5588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6432,i,11945707081774715909,489569545525660871,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:10
        5⤵
        
        PID:5616
- - C:\Users\Admin\AppData\Local\Temp\8386c0803abd47ff87102dcc364115e5.EXE
    "C:\Users\Admin\AppData\Local\Temp\8386c0803abd47ff87102dcc364115e5.EXE"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1788
- - C:\Users\Admin\AppData\Local\Temp\cc27c1a06721400580cfa78d9444cad8.exe
    "C:\Users\Admin\AppData\Local\Temp\cc27c1a06721400580cfa78d9444cad8.exe"
    3⤵
    PID:3716
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c start shutdown /s /f /t 0
    3⤵
    PID:2768
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown /s /f /t 0
      4⤵
      PID:3184
- C:\Users\Admin\AppData\Local\Temp\3c338058306d40f6b3b6cc5e8ec5c881.exe
  "C:\Users\Admin\AppData\Local\Temp\3c338058306d40f6b3b6cc5e8ec5c881.exe"
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Users\Admin\AppData\Local\Temp\ff2cc4f3be654b94afda37a8fd949192.exe
  "C:\Users\Admin\AppData\Local\Temp\ff2cc4f3be654b94afda37a8fd949192.exe"
  2⤵
  PID:580
- C:\Users\Admin\AppData\Local\Temp\821c1566c0eb4260a51d66f11ef57763.exe
  "C:\Users\Admin\AppData\Local\Temp\821c1566c0eb4260a51d66f11ef57763.exe"
  2⤵
  PID:2116
- C:\Users\Admin\AppData\Local\Temp\251dd8972c564d4f8d5d8de6356a0c6d.exe
  "C:\Users\Admin\AppData\Local\Temp\251dd8972c564d4f8d5d8de6356a0c6d.exe"
  2⤵
  PID:1852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 516
    3⤵
    - Program crash
    PID:1120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3052

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5544

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5588

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1852 -ip 1852
1⤵
PID:5252

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39ec855 /state1:0x41c64e6d
1⤵
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
cbc9fc2d9ad2df85283109b48c8e6db0

SHA1
721ea0dfafd882d6354f8b0a35560425a60a8819

SHA256
7c21b286b304b2b42ab3502158aef04892b60c63007b8ed7172dad86a4bcebbe

SHA512
09594b5f33704cf367960376e5abc8cbfa7baead59c3f199ffd365a9a9c2159b45f6596d597ebdd033db5436c000faac3c5b2fb39e97fc17b102d03831265609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
046b1cdbd636e82e7711ea1fde31d7e3

SHA1
f5fa4183cb259a99b4148ee957a5f76e80a77ada

SHA256
40328502d95af4c1db45d98abe8c4e9214d80a8df7f0b8f19f81edd5e121f90a

SHA512
460ba5792f0df64289ff4057d04615973a7844b2fd2c14df554600c141d720fcf13d9e9c8449ac57e50fa074a81887437918970881b4d48f7a7ee3521bac8eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3697fe1bb92ebc915db49416d0dbab37

SHA1
2b4eb193c8a0bec7b33a28ab9b23f8f5c8337f5e

SHA256
84a7590e849999574a148adfc2f1e3b7c45c9845b49308a25aca01fecf843110

SHA512
923f159df4ba6fd388ac66408159aae0c98160603dd2f5160e1b84c31fc9eb89b8367b106c6779a0e728e575b84ba94f5a8a8eb09f580f7febf509214866ffbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
389d88106d609a13c2c9cab5a19e71a5

SHA1
a796a8de4fb0f478959828a1c2a675340a8ec52d

SHA256
bc66c3e7cb8700a477a67f248a12d13967ec9fd1149c30cd33fdf2efe487d4dc

SHA512
83e96f59b4002824bdbf44a48988247c907ffc0dc98d87998f61dc098898a3029c8e42b9187cabfa2dd853533e8fb942fa2e30dfeb7ee46d40d692b95136f141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5951c0.TMP

Filesize
3KB

MD5
ab4f88ce2bfbff05572b58ea9d3ea935

SHA1
684b59adddeeb50ba88db30237b62fd95e0c3a91

SHA256
c3a9f3415ad2f547ed004099cfa2a7fd198b454bb90e0ce671e2f938713f1d36

SHA512
3d09fe85424eddbcbacaf19d9e4dcc3f13cefb01728461dc2a82a721e33467ce6cc69299e7d663d00df52ebbf121fff565e2951e668f0e8a01e7f9864f77c44e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a066862a06a5f458209b39396c0b1254

SHA1
8fa4095df74350d2bb8b41c98fe6baaca6d66b93

SHA256
9a22be60ed1d9457ddd232bf98296e25432cce3dd7f25362263c6559eefd94f9

SHA512
45e794dfd6dea1f57d4c61cc728b9995e1e96c15f0d6ba1d824945604792f6dc2cad7b82e344845893ba265874595fe029b20adf8608aed5eb1eff38a18b9c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ad7d09c0b4530707b70894c8b5fbab93

SHA1
cf29be1a09bf14eaa2f773fb1c96e74bed270e9b

SHA256
58ce779b2c914fe1c15a26407f7ec4bb2298ce99a3bd82b52feb5e9620f09a86

SHA512
6735a1982491c8380ff2e95c4815b0a804d3bc67f584ce8c8d40dd0700c7e7563424a3068b9ebb6c1f101ffc5fd4a8b6401d9d98e846ebe748b4eb51718b078e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
6381b70e69de34ea2d9181c65ba00166

SHA1
9e9b03e729d175c67da213438b1a1a134a59fe22

SHA256
c5dc5326b09c15db0022a6308ba9070899304d967d51d33e87873ac3516b72e7

SHA512
f0146e0aa99f83f607deec33812fd021de2752951f69f5e0406f8b87dd92290e2c80bc0215a7ee1a783355fa17219d207b62734d4aa8ed274fbe9486e20fa966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
f48b0905d1105266c57e9a1a6e5afd24

SHA1
0b3243c8e277171ab091a82c7b2d5ef5b8c04921

SHA256
88068cb4b1b1343deabac06812ae054de4757642a2d56c14c6c0451074fb3931

SHA512
254b6eb05ea08dbf5843715528f2c03dd2cc84875ba6166c1352f1fc4f7c7d2be30d9ebeab4ec9cc693c8376f29cb275984314de8784a4ce5c43f15c05dea372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
c34adfee73deaf1fe91614b1d5d6acd6

SHA1
64029690c2d5b75170c66e84d52c524fddc33b89

SHA256
4c16445754782227b372bdee39a15c629dd9888d0523384c8760af9ad41ee810

SHA512
a621d6d279fe19c4c45da85e64b9237dacd6145e1d92d3fdd4e4ce8956baa803af152e88e4fbf2c9b48300673dbcdfb992d6432b093926019dd1355d714980dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
fceabe22a9d940c08fa9a91cd86b7c32

SHA1
05fb2f35e47d1a3f75331bbf754539759607e4ff

SHA256
3631f1dcf006e863b20a1fae6fe4dddb60e25e22b7bc6647070b0501ff59ffc9

SHA512
f6701616c75f09690b0fd2b39bd47686b314467b71e1a64736ef75138d92f783090f89c764d9397e3a26c8150249348ab447bc50af60495d1aebd255b5526cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\06defb15-b0c5-4150-ab1f-6f61b4798b78.tmp

Filesize
21KB

MD5
e4dfd0504387a1ebcc4a48846e44a23e

SHA1
a5a91da421e3d8728ae857694dbeb24ea72b7866

SHA256
d3c39babd9652bcdb02ae17f895437ed85f617cb04f7ba4bbaf7ad7e8ab78cb6

SHA512
94a1d4ab7b18763b55c9246d73feb0ed64a7e506572884a2940696b12910d6ff2a03a0b1aca3e4035a81548633acd437e762e758952ba72dafc97f191e46d419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
880B

MD5
6bab54cb23e00dbb586f9dea3d016152

SHA1
2db4ffc959637fbc3a33b6e2f34445474dd57854

SHA256
d571b9362b0d20e05f4e6ca7cb4bffc3bd3c51d0bf2ee7c878f13fb7bb408ed8

SHA512
6c3d5d6e1a4dc09510a225f1d5542b498bfcce9c8c302bfd515d35c5ddb3c16a00a20fd8064656fa10bf2ae44c60c697d704d60ffcc5906a77a87dda8ad68d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
68e9d266824187cfb4c4faa10a1c9cdf

SHA1
692eb4fcc14994878850fa38900bec9613bb2c15

SHA256
e7afb984fa11c916954de6741608277e48ec0b61be5ae55aef0728d30e4ec8de

SHA512
0ea78101663e42b0132936f9ec5b2132ae114dff4fd1cd2b536fb171f187b6163bf2e010ff23f4bda460e2ad821e3e1998e219a1ec9fba3a72df58b9e0b487f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe5ac19c.TMP

Filesize
469B

MD5
eb97b143065545aaa30983a26a2752b7

SHA1
973a9e49cd395e69fa3f2f614d8b2e56fedbca01

SHA256
35c8b31c619f5da0e7fb49ad73cc1375a64965f72e59a93aa2798a82d9ecaf00

SHA512
7f334966ee72d3e4f6f33fad56b99a4da17f6f4c53bfa86d4bc8643dbbd862e43c07b913c8dacb0e9d949da3278558ba436a26f10f637163588eca40ba17ee34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
fba0b881bad80006f6f934bc8e527dd9

SHA1
350be9e531acf935def58c75225e6791a3d136ed

SHA256
048a9b9efcacffc53fbb22ecc041acc8bf409bffa7cf1836bbe47adc5a9dc4c2

SHA512
64b7aa68431eaf58bda8a213d8d1072c37805d9368ee7272d152b69c0a7c32fdab436dd01c6fa461c5e589583b409fbfd640b44041633dbc6d4415387e352406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
3a645fc1f8a7c132e3147381bd06f72c

SHA1
49089e7458ef0e0e24855958e2bc5dd2881a120c

SHA256
51e8d961036f30f2099d4f1792823b9f0b2cbca6abeb016e09667801523d6876

SHA512
bd076d4b135df241bc53285065de60824248d66d54616f00142e634f49e4eacd5969cef052decbf94b87463339f55b1c96403028d21688207e3f0f16fb15619b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
01d3d8115948e401c172bf193ced2b03

SHA1
65b515367ad880b7628cab2ef8a1d0450d4292e4

SHA256
f4152f8896c798706c7347019622d076497913873dd1f2e0604258eb1be23047

SHA512
3ec9cf349ad405813527c7e483feab2de0f7afc1a2dfb527a4b53161c077199b0c3be1473e2dd614f7fa2c285800f20e91b6faac6af59aa9cf8ca0fc7c950a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
34KB

MD5
76c41f5c4d766fc6e0ff6d94d23caa4b

SHA1
2ca656efb912e7d8411f988de9a1088b5258e174

SHA256
149b1d1d9d6d117773a36c1c66da2d7f071c5a20b9fca00a8c198e86f0de44d7

SHA512
176abd6a37d64a6b56dbdc9ff98270e8d362efe7c6e908a39ba6e6a56a262043be22648710471c771e8ddf1ee5d3ce392992f6767148cf9d563196cfc6076bf3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\919126e1-52b2-4342-ad4b-ff87d25dc5d5.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\03cb5ef0-c2ea-4b70-aab1-11eafbd1b37d.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\116add906e85427ea40769b5311bd27e.exe

Filesize
54KB

MD5
036b3d9a4d952a24395e7bb611c343fc

SHA1
c22e1bd6a08cb355af0916d071c1bca492b71948

SHA256
4f04da82187c751bef7418649b8581ae26258687eb437293bc1580339de7a414

SHA512
2a0e6508fba8adec93929db094e664b252cfa635694a7d2e72c4b7d3ba2be6d30c37e5de17559dd728fdeda27fd5f843247a197339255b1d2c178dea34c6652b

Download Submit
C:\Users\Admin\AppData\Local\Temp\251dd8972c564d4f8d5d8de6356a0c6d.exe

Filesize
47KB

MD5
c61693e8d501dcdbcd2346853a80417a

SHA1
edf5803d2c9cc7807b571d9d081ca06387ee7cd9

SHA256
f0d5399c42971102e56abbcc9efd1d0b104ddb36da5bccd67e18850a1a21fad4

SHA512
8cc0fe94e144e754cf0fd0d4de2f4361adaf7fc83116fc3009272efa6df2eb0c60b04dc037ffde1581906471196ffae0cb51262a7ac731b515ff091a64da41d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\3c338058306d40f6b3b6cc5e8ec5c881.exe

Filesize
4.7MB

MD5
bb4a5266324a3dee6cb4b06d03f3f3e9

SHA1
9f08e998088faa8386928c4a4dcbca5214b4f422

SHA256
7dd0d8c33379f84e3e23d29340051465197735d7fc1e5debf9bf5a6b4f220484

SHA512
18fc7355ea1182096aac1786369e07b0828346dcb68405082089c2498fbaffce32563cb666600e6d50ea4c0810ffaa8bbbca014e4b5fd14a0c6100483885ad66

Download Submit
C:\Users\Admin\AppData\Local\Temp\59dd81d3cc9b400892adeb3d00ff5652.exe

Filesize
16KB

MD5
683bcb1f86f4410931abe39a63eb7057

SHA1
d338aac5ff479fc94d3c840e862665de1dac8c8f

SHA256
c9f03a39789f7322ae43604db6ce7da86765ad4b13207091683cf47bdea8de12

SHA512
60b596947d93fdb196fcf338af92d26cdd82396283316352ead078ce1a85943bb85264901318f7061e6b0e49058ace521831a9275c025526373d9168c757cdd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\821c1566c0eb4260a51d66f11ef57763.exe

Filesize
135KB

MD5
c971c68b4e58ccc82802b21ae8488bc7

SHA1
7305f3a0a0a0d489e0bcf664353289f61556de77

SHA256
cede0b15d88c20bc750b516858f8bf31ee472f6cbd01640840890736c4333cce

SHA512
ff199691c35f2748772410bf454e8b76dd67d892dd76fc87d20b3bbe6c145c6af1685344de636326692df792f55d0fba9a0025a7cf491d0b4e73ff45c3b039d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\8386c0803abd47ff87102dcc364115e5.EXE

Filesize
32KB

MD5
0e89a28bcf39b8ffd68b55117aa2c8c0

SHA1
f66ccc5892a386208fb3c105ed4b34e7e817cc51

SHA256
5ed6b1884460c35b8d585fe11bcf8eb156180d7e30bc22182409b251dd02f1c3

SHA512
a249eca07cea3180b8d0928659f2178163f03ef3b839f7482b3a26cf746e847fb1ae9b12e3b67071ab8e87fa58401e3d4395bcb58a7ca467cfbe38afd96b4054

Download Submit
C:\Users\Admin\AppData\Local\Temp\cc27c1a06721400580cfa78d9444cad8.exe

Filesize
28KB

MD5
62cbb85434223022a0b0e369b227a3d9

SHA1
4978b691168f16c678a1ffe53e126ba1d946bce0

SHA256
ea3087204e3ed644308a0a96bbf319590a9b2701ac850bb63f2ba3dc4955f1fd

SHA512
f76d281ce4c4401315f811dba1512757fa59a9c1ca6486c006f7861aed793a1f196fd66b772405374a751f383b5a234234e64de16f2fe9d613694e354b882f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\d1c91eb5-2c75-45e3-879f-0cc77a9d467d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\f6d6c6361375467b90a93d6a4fa556d6.exe

Filesize
571KB

MD5
ab1d6a0b504e8302bfa1761e8ab6198d

SHA1
982fbb07d7b18bf160f3111711fe5c194f7347d9

SHA256
33a4b7269c1ff49c478d1da7a466d64a6ffdd8aa34f627a284bb5e6ee0cccb4a

SHA512
8c88f1c61ac71a8dd2a2e89c0278c64576555a24e5f011898a4941fa1ebf501d0d2b19a9ea64053c55f703ca4440d2e30d30abfcc7a9f814a9f010c8dc156e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\f6d6c6361375467b90a93d6a4fa556d6.ini

Filesize
70B

MD5
c00ce9ed943065e34ae082f0dc82bb89

SHA1
c5d364ac6c9cf5a132104a9aba36306d84ef877b

SHA256
fefd534f4da1143b737a1b024203aadd65154ff969b3fa5ecd2b8cb05caf066f

SHA512
86645fe0983989c98a11f84f60a292298679df5b0f79b52b01e1eab3af4fdda73b5a6405ef6d27329311cdcd5798ccbf29b2a31dcf177986a08e77248417a752

Download Submit
C:\Users\Admin\AppData\Local\Temp\ff2cc4f3be654b94afda37a8fd949192.exe

Filesize
7.4MB

MD5
3c3d1168fc2724c551837a505ea4374e

SHA1
86c913a12067fd2c1bbc31fb64a5b5d056175841

SHA256
f91c14c328544a2d4cc216c7c2115283806fa3201d40bd3c7c5d79dccd025b09

SHA512
0f181c9753a3f55e4f4a434ea3e972e00b46fb7319d95a4b7a5c7d09888537df4a8fc4c2c5e0232f96b441727e45a595eed42721ff8c7799302e4d3f13156a8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4776_787388999\1f870985-d6b7-42fd-8212-9546d80c19a9.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4783b0868655f364dfeb36cd01bd5f63

SHA1
d6295fb216828b1b09e0e03eb8a9131f9af03568

SHA256
f49a73c1438f51e726444f21fa8a56e321ff0d6b40d0c2ebd33f50d719a5f317

SHA512
ed9ccc3cdb4ade9b354da5996f8da43af5d32fa999e2dc7c750cc94c0d0de8c9fdda8171027bfbd19f34b2a73f261a8c6066d5a85c59f03964c74f19d43c8f85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c8c5986e16a12e922afcc7abf08aa05e

SHA1
e9849832c2ae0bac59946caa2046db18c74edc4d

SHA256
101b49909fe48d1c6132406c2c77cc2a2cd86c10658b49b4efeb7ef90da2cb39

SHA512
7a1ec3b5bc73b6a75394e3122d8c821f434fafef3d651ace92e9b77879e7a91ec35575492e59365264d743ffc22f167570277b344a20ae502f7678bf99a3dcae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c827473fbed5aa029a7b52613de82faa

SHA1
ba0f95f85a50b94beb234ecaebf4274537dcfdc1

SHA256
46ac46fdfa74c44442d4af565c7328f68300f41ada6e3b27bcee60da4bf54d6d

SHA512
8e0e222468a5dc2a8f5a704b9e16b219e0cdb93ee74c05402d6df0eb8169a951d5f840110de85ffb6b149e46719036de0e4b44bfa3dc17add598a5e9a63f3faf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
67b202aaa2bca8acf9661d7d0102aae7

SHA1
b798e83f9dfca41268622fa4c1d78d7cbcbe0eac

SHA256
2dcc18ce8521b24099f5d9abf2935d00738886ce1cb3b2c0b7a6c170376ea4cc

SHA512
67be452a2eab9629fe203baa8dae515050e16f8e1835a4166a0a10ce4d995ae7f468e6c7229f9625dc3da6926031b7000f067dbc419e61883c3775e55afff593

Download Submit
memory/580-8016-0x0000000005850000-0x0000000005DF6000-memory.dmp

Filesize
5.6MB

Download
memory/580-8023-0x0000000005340000-0x00000000053D2000-memory.dmp

Filesize
584KB

Download
memory/580-8009-0x0000000000280000-0x00000000009E0000-memory.dmp

Filesize
7.4MB

Download
memory/580-8054-0x00000000054E0000-0x00000000054EA000-memory.dmp

Filesize
40KB

Download
memory/1788-10265-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-8438-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-3181-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-4024-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-9444-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-5067-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-9933-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-10796-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-6329-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-7554-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1788-11251-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2156-42-0x000000001B670000-0x000000001B716000-memory.dmp

Filesize
664KB

Download
memory/2156-45-0x0000000000E60000-0x0000000000E68000-memory.dmp

Filesize
32KB

Download
memory/2156-44-0x000000001C1C0000-0x000000001C25C000-memory.dmp

Filesize
624KB

Download
memory/2156-46-0x000000001C420000-0x000000001C46C000-memory.dmp

Filesize
304KB

Download
memory/2156-43-0x000000001BBF0000-0x000000001C0BE000-memory.dmp

Filesize
4.8MB

Download
memory/2764-3061-0x000001E7FB320000-0x000001E7FB7D8000-memory.dmp

Filesize
4.7MB

Download
memory/3272-2518-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/4136-16-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4136-28-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4136-17-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4136-15-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4136-20-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4136-19-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4136-18-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4732-6-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4732-5-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4732-4-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4732-3-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4732-0-0x0000000075381000-0x0000000075382000-memory.dmp

Filesize
4KB

Download
memory/4732-2-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download
memory/4732-1-0x0000000075380000-0x0000000075931000-memory.dmp

Filesize
5.7MB

Download